# This Terraform configuration deploys ScyllaDB nodes on GCP (var.node_count of them; 3 in the original setup) and creates the firewall rules the cluster and its clients need.
# Faisal Saeed @ ScyllaDB
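terraform {
  # Every provider this configuration uses is declared and pinned here so that
  # `terraform init` cannot silently resolve a newer or different provider than
  # the one that was reviewed. The http and random providers were previously only
  # implied by the data source / resource names and therefore unpinned; commit the
  # resulting .terraform.lock.hcl next to this file so the checksums are fixed too.
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "5.32.0" # exact pin; bump deliberately after reading the changelog
    }
    http = {
      source  = "hashicorp/http"
      version = "~> 3.4" # used by data.http.my_ip
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.6" # used by random_id.firewall_suffix
    }
  }

  # Minimum Terraform core version this configuration has been exercised with.
  required_version = ">= 1.5.7"
}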
# Google Cloud provider. Project and region come from the module variables; no
# credentials are set here, so the provider falls back to its default credential
# chain (e.g. gcloud application-default credentials) -- keep secrets out of this file.
provider "google" {
  region  = var.region
  project = var.project_id
}
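# Discover the operator's public IPv4 address so client-facing firewall rules can
# be restricted to it. This is a trust decision: a third-party web service decides
# what ends up in source_ranges, so the answer is validated before it is used
# rather than pasted in blindly. The lookup happens at plan time, so if the
# operator's address changes (VPN, DHCP) the rules will drift until re-applied.
data "http" "my_ip" {
  url = "https://api.ipify.org"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "api.ipify.org did not answer with HTTP 200; refusing to derive firewall rules from its response."
    }
    postcondition {
      # api.ipify.org serves a bare IPv4 literal; anything else (an HTML error page,
      # an IPv6 literal, a CIDR) must never be turned into a firewall source range.
      condition     = can(regex("^([0-9]{1,3}\\.){3}[0-9]{1,3}$", trimspace(self.response_body)))
      error_message = "api.ipify.org did not return a single IPv4 address; refusing to derive firewall rules from its response."
    }
  }
}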
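# Zones of var.region that the nodes are spread across (round-robin, see the
# instance resource). Only zones reported UP are considered so a node is never
# placed in a zone that cannot currently host it; note that any change in the
# zone list shifts the index-based placement and may recreate instances.
data "google_compute_zones" "available" {
  region = var.region
  status = "UP"
}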
# Random provider -- only used for the firewall-name suffix; it needs no configuration.
provider "random" {}
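# Scylla node VMs, one per count index, spread round-robin over the region's zones.
resource "google_compute_instance" "scylla-node" {
  count        = var.node_count
  name         = "${var.name_prefix}-scylla-node-${format("%02d", count.index + 1)}"
  machine_type = var.hardware_type

  # Round-robin placement: node i lands in zone (i mod number-of-zones).
  zone = element(
    data.google_compute_zones.available.names,
    count.index % length(data.google_compute_zones.available.names),
  )

  # NOTE(review): the firewall rules in this file that open the Scylla ports use
  # target_tags = ["scylla"], but that tag is not applied here, so as written those
  # rules match no instance created by this resource. Add "scylla" only once the
  # rules' source ranges are restricted to trusted addresses.
  tags = ["keep", "alive", "ssh"]

  metadata = {
    # Instance-level key for the ubuntu user, read from the operator's public key file.
    ssh-keys = "ubuntu:${file(var.ssh_public_key_path)}"
    # Refuse project-wide SSH keys on these nodes: access is then governed solely by
    # the key above rather than by whoever can edit project metadata.
    block-project-ssh-keys = "true"
  }

  boot_disk {
    initialize_params {
      # Stock GCP Ubuntu 22.04 LTS image family; change here if another OS version is needed.
      image = "ubuntu-2204-lts"
      #size = 256
    }
  }

  # Local NVMe scratch disk; the Scylla Ansible role uses it for the data directory.
  # Local SSD contents do not survive an instance stop or delete.
  scratch_disk {
    interface = "NVME"
  }

  # Shielded VM: UEFI Secure Boot plus a vTPM so integrity monitoring can raise an
  # alert if boot components are tampered with. GCE's Ubuntu 22.04 images support
  # Shielded VM; secure boot is the one setting that is off by default.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # Attached to the "default" VPC with an ephemeral public IP (the empty
  # access_config). No service_account block is given; the provider does not add the
  # project default account the way gcloud does, so presumably no service account is
  # attached -- verify in the console, and if one is needed create a dedicated
  # least-privilege account rather than the default one.
  network_interface {
    network = "default"
    access_config {
    }
  }
}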
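# SSH (tcp/22) to instances tagged "ssh", only from the operator's address found by
# data.http.my_ip -- not from the whole internet. Additional entry points belong
# here as explicit CIDRs; never fall back to 0.0.0.0/0. Caveat: the "default" VPC
# typically ships with its own default-allow-ssh rule open to 0.0.0.0/0; this rule
# does not remove that one, so check for and delete it in the project.
resource "google_compute_firewall" "allow_ssh" {
  name    = "allow-ssh-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # /32 makes the single-host intent explicit; trimspace stops a trailing newline in
  # the HTTP body from being glued onto the CIDR.
  source_ranges = ["${trimspace(data.http.my_ip.response_body)}/32"]
  target_tags   = ["ssh"]
}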
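# CQL client port (tcp/9042) on instances tagged "scylla", reachable only from the
# operator's address. Transport encryption and authentication for CQL are configured
# on the nodes themselves, not by this rule, so keep the source range tight.
resource "google_compute_firewall" "allow_cql" {
  name    = "allow-cql-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["9042"]
  }

  # Single-host CIDR built from the discovered address; trimspace guards against a
  # trailing newline in the HTTP body. Do not widen this to 0.0.0.0/0 "temporarily".
  source_ranges = ["${trimspace(data.http.my_ip.response_body)}/32"]
  target_tags   = ["scylla"]
}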
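# Legacy Thrift client port (tcp/9160) on instances tagged "scylla". Thrift is a
# deprecated interface in Scylla; if no client still needs it, remove this rule
# rather than keep the port reachable. Until then it is restricted to the operator's
# address, like CQL, instead of the whole internet.
resource "google_compute_firewall" "allow_thrift" {
  name    = "allow-thrift-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["9160"]
  }

  # Single-host CIDR from data.http.my_ip; trimspace guards against a trailing newline.
  source_ranges = ["${trimspace(data.http.my_ip.response_body)}/32"]
  target_tags   = ["scylla"]
}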
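# Inter-node traffic (tcp/7000 plaintext RPC, tcp/7001 its TLS variant) between the
# Scylla nodes. This is cluster-internal: the only legitimate peers are other
# instances in this network tagged "scylla", so the rule keys on source_tags rather
# than on an internet-wide source range. Nothing outside the VPC ever needs 7000/7001.
resource "google_compute_firewall" "allow_internode" {
  name    = "allow-internode-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["7000", "7001"]
  }

  # Only instances carrying the "scylla" tag in the same network may talk to 7000/7001.
  source_tags = ["scylla"]
  target_tags = ["scylla"]
}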
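# JMX (tcp/7199, what nodetool talks to) on instances tagged "scylla". JMX is a
# management interface and should not be reachable from arbitrary addresses; it is
# restricted to the operator's address here. Prefer running nodetool over an SSH
# session on the node and dropping this rule entirely.
resource "google_compute_firewall" "allow_jmx" {
  name    = "allow-jmx-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["7199"]
  }

  # Single-host CIDR from data.http.my_ip; trimspace guards against a trailing newline.
  source_ranges = ["${trimspace(data.http.my_ip.response_body)}/32"]
  target_tags   = ["scylla"]
}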
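# Scylla REST API (tcp/10000) on instances tagged "scylla". This is the node's
# unauthenticated administrative API (it can change cluster state), so exposing it
# to 0.0.0.0/0 hands control of the nodes to anyone on the internet. It is
# restricted to the operator's address here; ideally it stays bound to localhost on
# the node and this rule is removed.
resource "google_compute_firewall" "allow_rest_api" {
  name    = "allow-rest-api-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["10000"]
  }

  # Single-host CIDR from data.http.my_ip; trimspace guards against a trailing newline.
  source_ranges = ["${trimspace(data.http.my_ip.response_body)}/32"]
  target_tags   = ["scylla"]
}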
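# Alternator, Scylla's DynamoDB-compatible API (tcp/8000), on instances tagged
# "scylla". It is a client-facing data port like CQL and gets the same treatment:
# reachable only from the operator's address, never from the whole internet.
resource "google_compute_firewall" "allow_alternator" {
  name    = "allow-alternator-${random_id.firewall_suffix.hex}"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["8000"]
  }

  # Single-host CIDR from data.http.my_ip; trimspace guards against a trailing newline.
  source_ranges = ["${trimspace(data.http.my_ip.response_body)}/32"]
  target_tags   = ["scylla"]
}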
# Two random bytes (four hex characters) appended to every firewall rule name, so
# repeated deployments into the same project do not collide on rule names.
resource "random_id" "firewall_suffix" {
  byte_length = 2
}
# Private (VPC) addresses of the nodes, in count order; the first NIC is the only one defined.
output "internal_ips" {
  description = "Internal IP addresses of the instances"
  value       = google_compute_instance.scylla-node[*].network_interface[0].network_ip
}
# Ephemeral public addresses assigned by the empty access_config on each node's first NIC.
output "public_ips" {
  description = "Public IP addresses of the instances"
  value       = google_compute_instance.scylla-node[*].network_interface[0].access_config[0].nat_ip
}
# The deployment region, which doubles as the Scylla datacenter name downstream.
output "region" {
  description = "Region (also DC) where the instances are deployed"
  value       = var.region
}
# Zone of each node, in count order; downstream these are used as Scylla rack names.
output "zones" {
  description = "Zones (also RACKs) where the instances are deployed"
  value       = google_compute_instance.scylla-node[*].zone
}